smartphones privacy on - vs.inf.ethz.ch · paranoid android versatile protection for smartphones...
TRANSCRIPT
![Page 1: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/1.jpg)
Privacy on SmartphonesPresentation by Claude Barthels
![Page 2: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/2.jpg)
Roadmap
■ TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
■ MockDroid: Trading Privacy for Application Functionality on Smartphones
■ Paranoid Android: Versatile Protection for Smartphones
![Page 3: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/3.jpg)
TaintDroidAn Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Paper by W. Enck, P. Gilbert, B.-G. Chun,L. P. Cox, J. Jung, P. McDaniel, A. N. Sheth
![Page 4: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/4.jpg)
Problem Setting
?
![Page 5: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/5.jpg)
What is TaintDroid?
Extension of the Android platform Tracks flow of information through an application Realtime analysis & feedback Tracks data between processes (file, IPC, ...)
![Page 6: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/6.jpg)
General idea
Mark (taint) sensitive information Taint sources and sinks
Taint Source Taint Sink
ApplicationSensitive Information Tainted Information
ALERT!if (taint == true)
![Page 7: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/7.jpg)
Design Challenges
Limited resources & performance Identifying private information Multiple types and sources of sensitive data Data sharing between applications
![Page 8: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/8.jpg)
User notification
![Page 9: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/9.jpg)
How it works - Variable level
Multiple taint markings stored in a taint tag Taint tag is a 32bit vector Stored adjacent to the variables Only one taint tag per array
![Page 10: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/10.jpg)
How it works - Stack layout
![Page 11: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/11.jpg)
How it works - Message & file level
Only one tag per message or file Union over all taint tags of the variables contained in the message or file Potential for false positives Less overhead than a finer granularity
![Page 12: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/12.jpg)
How it works - Propagation logic
![Page 13: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/13.jpg)
Where to place taint sources & sinks?
Low-bandwidth sensors (location, accelerometer, ...) High-bandwidth sensors (camera, microphone, ...) Information databases (calendar, address book, ...) Device identifiers (SIM number, IMEI number, ...) Network Taint Sink
![Page 14: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/14.jpg)
Limitations
Data flow tracking only / No control flow tracking Native code is unmonitored
○ Conservative heuristic: Assign union of argument taint markings to return type
Sometimes too coarse grained
○ One taint tag per message or file○ One taint tag per array
![Page 15: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/15.jpg)
Performance
![Page 16: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/16.jpg)
Experiment - Setup
30 popular applications ~ 100 minutes of recording Network access + additional permissions Nexus One with Android 2.1
![Page 17: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/17.jpg)
Experiment - Applications
![Page 18: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/18.jpg)
Experiment - Results
![Page 19: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/19.jpg)
Reviews
6 Reviews - Average Score 2.16 (accept)+ Privacy is an issue (Data scandal is a matter of time)+ Low overhead / Good performance - accuracy tradeoff+/- Study with open source software as ground truth+/- A lot of implementation details- No native code tracking or static code analysis- A lot of Android knowledge required- Too sophisticated for 'normal' user- May force developers to create new malicious ways to
get the data- Only notifications / No control
![Page 20: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/20.jpg)
MockDroidTrading Privacy for Application Functionality on Smartphones
Paper by A. R. Beresford, A. Rice, N. Skehin, R. Sohan
![Page 21: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/21.jpg)
Problem setting
Similar problem setting as TaintDroid Applications often require sensitive data to work correctly Access to resources is grantedonce at install time and cannotbe changed afterwards
![Page 22: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/22.jpg)
What is MockDroid?
Extension of the Android platform MockDroid allows to fake (mock) sensitive data Decision of faking data can be done/changed at runtime
![Page 23: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/23.jpg)
What is MockDroid?
![Page 24: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/24.jpg)
How it works
Granted permissions are stored by Android in an in-memory data structure and on disk API calls check the in-memory data structure MockDroid extends the data structure with a 'real' and a 'mocked' version of the permission Internet permissions requires inet group. MockDroid therefore adds a mocked_inet group
![Page 25: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/25.jpg)
What can be faked?
Location - no location fix Internet - connection timeout Calendar & contacts - empty database - zero rows affected Device id - Fake constant value Broadcast intents - Intents never sent/received
![Page 26: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/26.jpg)
Limitations
Limited in what can be faked
○ Instead of no location, just an approximate indication (e.g. next big city)
○ Instead of empty contact or calendar database, MockDroid could return a subset (like public events)
![Page 27: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/27.jpg)
Evaluation
Local○ location used for
location basedadvertisements
○ No reducedfunctionality
Internet:
○ Limited functionalitywhen mocking internet access
○ Continue to run even without internet access
![Page 28: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/28.jpg)
Paranoid AndroidVersatile Protection for Smartphones
Paper by G. Portokalidis, P. Homburg,K. Anagostakis, H. Bos
![Page 29: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/29.jpg)
Problem setting
Smartphones hold privacy sensitive information Become highly valuable targets for attacks Security solutions from PCs are not always applicable to smartphones
![Page 30: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/30.jpg)
What is Paranoid Android?
Security as a service Security checks are performed by security servers Security servers hold an exact replica of the phone in a virtual environment Record & replay model
![Page 31: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/31.jpg)
Overall architecture
![Page 32: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/32.jpg)
Security Model
Buffer overflows & Code injection(implemented in prototype) Open source AntiVirus scanner (for file scans) (implemented in prototype) Memory scanner for patterns of malicious code Abnormal system call detection ... flexible model which can be extended
![Page 33: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/33.jpg)
Notification & Recovery
Notifications, Emails or SMS may be blocked Hardware support Restore to clean state using the replica Minimizing data loss
![Page 34: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/34.jpg)
Evaluation
Amount of trace data Overhead of the tracer Performance and scalability of the server
![Page 35: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/35.jpg)
Evaluation - Amount of trace data
![Page 36: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/36.jpg)
Evaluation - Overhead
![Page 37: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/37.jpg)
Evaluation - Server scalability
![Page 38: Smartphones Privacy on - vs.inf.ethz.ch · Paranoid Android Versatile Protection for Smartphones Paper by G. Portokalidis, P. Homburg, K. Anagostakis, H. Bos. Problem setting Smartphones](https://reader033.vdocument.in/reader033/viewer/2022052611/5f06c7217e708231d419af75/html5/thumbnails/38.jpg)
Thank you very much for your attention!
Questions & Discussion
■ Which approach do you like most? Or other ways to
protect privacy?
■ Will it become a necessity to run AV software on a
phone?
■ Has anyone installed an AV already?
■ What is a better approach: restricted platforms like iOS or
more open platforms like Android?